
/sys^s^x United States Patent and Trademark Office 



.A 

JX 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


09/880,308 


06/13/2001 


Barry J. Glick 


774070-7 


7380 



23879 



7590 



10/12/2005 

BRIAN M BERLINER, ESQ 
O'MELVENY & MYERS, LLP 
400 SOUTH HOPE STREET 
LOS ANGELES, CA 90071-2899 



EXAMINER 



KIM, JUNG W 



ART UNIT 



PAPER NUMBER 



2132 

DATE MAILED: 10/12/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 


Application No. 

09/880,308 


Applicant(s) 

GLICK ET AL 


Examiner 

Jung W. Kim 


Art Unit 

2132 





« The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 06 July 2005 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) [3 Claim(s) 49-79 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) KI Claim(s) 49-79 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) ^ Notice of References Cited (PTO-892) 

2) CH Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) D Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) O Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) □ Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Mail Date 20051006 



Application/Control Number: 09/880,308 
Art Unit: 2132 



Page 2 



DETAILED ACTION 

1 . This Office action is in response to the amendment filed on July 6, 2005. 

2. Claims 49-79 are pending. 

3. Claims 49-79 are new. 

4. Claims 1-48 are canceled. 

5. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Continued Examination Under 37 CFR 1.114 

6. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on July 6, 
2005 has been entered. 

Claim Objections 

7. Claims 73-75 are objected to because of the following informalities: claim 73 
refers to the step of generating a user ID in claim 60, claim 73 should refer to the step of 
generating a user ID in claim 70; there is no corresponding step of generating a user ID 
in claim 60. Appropriate correction is required. 
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Claim Rejections - 35 USC §112 

8. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

9. Claims 49-69 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

10. The use of limitation "(ID)" renders the claims indefinite because it is not clear if 
"(ID)" is describing a shorthand for "user identification" or "identification" or something 
entirely separate. For example, in claim 49, the claim refers to both a "user ID" and an 
"ID". 

Response to Arguments 

1 1 . Applicant's arguments with respect to new claims 49-79 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

12. Claims 49-52, 56-61 , 65, 66, 68-72 and 76-79 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Dustan et al USPN 5,884,312 (hereinafter Dustan) in 
view of MacDoran et al. USPN 5,757,916 (hereinafter MacDoran). 
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13. As per claim 49, Dustan discloses a method for maintaining state between a 
client and a server, the server being in communication with a database, comprising: 

a. providing a user identification (ID) that identifies the client (fig. 5, reference 
no. 176 and related text); 

b. transmitting the user ID to the server in a first communication with the 
server (fig. 5, reference no. 178 and related text); 

c. storing the user ID in the database as a state variable, the state variable 
corresponding to a first user session (fig. 5, reference no. 212); 

d. transmitting ID information to the server in a second communication with 
the server(fig. 6, reference no. 234 and related text); and 

e. comparing the ID information with the state variable to determine whether 
the second communication is part of the first user session or the beginning of a 
new user session (fig. 6, reference no. 236, 238, 240 and 242, and related text). 

Dustan does not disclose generating the ID based on a location value. MacDoran 
discloses generating the user ID using geodetic values of the user to identify and 
authenticate the user. These values are derived from signals received using GPS to 
locate a moving user at a specific time (Abstract; col. 2:10-61). Moreover, MacDoran 
discloses one of the advantages of using geodetic values is that it makes "spoofing" of 
the host device very difficult (1 :7-2:7). Therefore, it would be obvious to one ordinary 
skill in the art at the time the invention was made to generate a user ID based on the 
user location at a specific time. One would be motivated to do so since it enhances the 
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prevention of access to the sensitive information by unauthorized users (MacDoran, 
ibid). The aforementioned cover the limitations of claim 49. 

14. As per claim 50, the rejection of claim 49 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the generating step further comprises generating the user 
ID based on a location value that corresponds to the location of the client (MacDoran, 
col. 2:35-40). 

15. As per claim 51 , the rejection of claim 49 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the generating step further comprises generating the user 
ID based on a location value that includes a latitude and longitude dimension 
(MacDoran, col. 2:13-14). 

16. As per claim 52, the rejection of claim 51 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the generating step further comprises generating the user 
ID based on a location value that further includes an altitude dimension (MacDoran, col. 
2:13-14). 

17. As per claim 56, the rejection of claim 49 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the method further comprising the step of deriving an 
anonymous user ID from the user ID (Dustan, col. 9:4-7; 18:14-22; 19:53-56). 
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18. As per claim 57, the rejection of claim 56 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the deriving step further comprises mathematically 
encoding the user ID into the anonymous user ID (Dustan, col. 9:4-7; 18:14-22; 19:53- 
56). 



19. As per claims 58-61 and 65, they are claims corresponding to claims 49-52, 56 
and 57, and they do not teach or define above the information claimed in claims 49-52, 
56 and 57. Therefore, claims 58-61 and 65 are rejected as being unpatentable over 
Dustan in view of MacDoran for the same reasons set forth in the rejections of claims 
49-52, 56 and 57. 



20. As per claim 66, Dustan discloses an apparatus for facilitating interaction 
between a user and a web application on a remote server, comprising: 

f. a memory (fig. 1 ; reference no. 24); and 

g. a processor electrically connected to the memory (fig. 1 , reference no. 24) 
and adapted to: 

i. generate a user identification (ID), the user ID corresponding to a 
first user session between the user and the web application (fig. 5 t 
reference nos. 212 and 216 and related text); 

ii. store the user ID in the memory (fig. 5, reference no. 216 and 
related text; col. 10:40-44); 



Application/Control Number: 09/880,308 Page 7 

Art Unit: 2132 

iii. transmit a request to the server (fig. 6, reference no. 234 and 
related text); 

iv. include the user ID in the request if the request is part of the first 
user session (fig. 6, reference no. 234 and related text); and 

v. generate a new user ID and include the new user ID in the request 
if the request is part of a new user session (fig. 5, reference no. 174; fig. 6, 
reference no. 240 and related text). 

Dustan does not disclose a GPS receiver adapted to generate location data 
corresponding to the user's geographic location and generating the ID based on a 
location value. MacDoran discloses generating the user ID using geodetic values of the 
user to identify and authenticate the user. These values are derived from signals 
received using GPS to locate a moving user at a specific time (col. 2:10-61 ). Moreover, 
MacDoran discloses one of the advantages of using geodetic values is that it makes 
"spoofing" of the host device very difficult (1 :7-2:7). Therefore, it would be obvious to 
one ordinary skill in the art at the time the invention was made to include a GPS 
receiver to an apparatus to generate location data for a user and to generate a user ID 
based on the user location at a specific time. One would be motivated to do so since it 
enhances the prevention of access to the sensitive information by unauthorized users 
(MacDoran, ibid). The aforementioned cover the limitations of claim 66. 

21. As per claim 68, the rejection of claim 66 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the processor is further adapted to store the new user ID in 
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the memory if the request is part of a new user session (Dustan, fig. 5, reference no. 
216 and related text). 

22. As per claim 69, the rejection of claim 68 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the processor is further adapted to replace the user ID in 
the memory with the new user ID if the request is part of a new user session (Dustan, 
fig. 5, reference no. 216; fig. 6, reference no. 240). 

23. As per claim 70, Dustan discloses a method for communicating between a client 
and a server, comprising: 

h. generating a user ID that identifies the client (Dustan, fig. 5, reference nos. 
212 and 216, and related text); 

i. incorporating the user ID into a communication (fig. 6, reference nos. 232 
and 234, and related text); 

j. sending the communication to the server (fig. 6, reference no. 232 and 
related text); 

k. comparing the user ID to information stored in a database, the database 
being in communication with and accessible by the server (fig. 6, reference no. 
236 and related text); 

I. identifying the communication as part of a previous session if there is 
coincidence between the user ID and information stored in the database (fig. 6, 
reference no. 238 and 242, and related text); and 
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m. identifying the communication as part of a new session if there is no 
coincidence between the user ID and information stored in the database (fig. 6, 
reference no. 238 and 240, and related text). 
Dustan does not disclose generating the ID based on the location of the client. 
MacDoran discloses generating the client ID using geodetic values of the user to 
identify and authenticate the user. These values are derived from signals received 
using GPS to locate a moving user at a specific time (col. 2:10-61). Moreover, 
MacDoran discloses one of the advantages of using geodetic values is that it makes 
"spoofing" of the host device very difficult (1 :7-2:7). Therefore, it would be obvious to 
one ordinary skill in the art at the time the invention was made to generate a user ID 
based on the user location at a specific time. One would be motivated to do so since it 
enhances the prevention of access to the sensitive information by unauthorized users 
(MacDoran, ibid). The aforementioned cover the limitations of claim 70. 

24. As per claim 71 , the rejection of claim 70 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the generating step further comprises generating the user 
ID based on a location value that includes a latitude and longitude dimension 
(MacDoran, col. 2:13-14). 

25. As per claim 72, the rejection of claim 71 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the step of generating a user ID further comprises 
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generating the user ID based on a location value that further includes an altitude 
dimension (MacDoran, col. 2:13-14). 

26. As per claim 76, the rejection of claim 70 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the step of generating a user ID further comprises 
generating the user ID from location data acquired from a GPS receiver (MacDoran, fig. 
1 , reference no. 103 and related text). 

27. As per claim 77, the rejection of claim 70 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the method further comprises deleting the user ID upon 
completion of the previous session (Dustan, fig. 7, reference no. 300 and related text). 

28. As per claim 78, the rejection of claim 70 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, Dustan discloses logging user activity in a log table 
including the data and time of user logon and log off, and all of the individual request 
made by a user during a session (col. 13:10-28). Information identifying these events to 
a single user requires logging a user identifier. The account number of the user ID is 
the obvious choice since it uniquely identifies the user. Therefore, it would be obvious 
to one of ordinary skill in the art at the time the invention was made to maintain at least 
a portion of the user ID upon completion of the previous session. One would be 
motivated to do so since this enables logged actions to be traced to a specific user in an 
audit report. 
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29. As per claim 79, the rejection of claim 70 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, the step of incorporating the user ID into a communication 
further comprising incorporating the user ID into a cookie file and incorporating the 
cookie file into the communication (Dustan, col. 10:40-44). 

30. Claims 53-55, 62-64 and 73-75 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Dustan and MacDoran, and further in view of Fraker et al. USPN 
5,919,239 (hereinafter Fraker). 

31. As per claims 53 and 54, the rejection of claim 49 under 35 U.S.C. 103(a) is 
incorporated herein, (supra) Although Dustan does not expressly disclose generating 
the user ID based on a temporal value that corresponds to the creation of a user ID, the 
generation of an user ID based on the geographic location of the user as taught by 
MacDoran is derived by the location of a user at a specific time. Moreover, this idea of 
associating a time value with the location values is also taught by Fraker, wherein the 
time of the position data is gathered along with the position data and stored with the 
position data (fig. 5, reference nos. 310 and 312, and related text). Because the time of 
deriving the geographic location is critical to identify a user's location, it would be 
obvious to one of ordinary skill in the art at the time the invention was made for the user 
ID to be based on a temporal value corresponding to the creation of the user ID; a 
temporal value identifies when the location of the user was determined for proper 



Application/Control Number: 09/880,308 Page 12 

Art Unit: 2132 

authentication of the user. The aforementioned cover the limitations of claims 53 and 
54. 

32. As per claim 55, the rejections of claim 53 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) In addition, having thfe temporal value correspond to the invocation of 
an Internet browser session is an obvious enhancement since the user ID is needed 
only when an Internet browser session is established (Dustan, fig. 5, reference no. 176 
and fig. 6, reference no. 234). It would be obvious to one of ordinary skill in the art at 
the time the invention was made for the temporal value to correspond to the invocation 
of an Internet browser session, since the user ID is utilized when a user accesses 
information from the start of a browser session (Dustan, col. 7:53-62). The 
aforementioned cover the limitations of claim 55. 

33. As per claims 62-64, they are claims corresponding to claims 53-55 and 60, and 
they do not teach or define above the information claimed in claims 53-55 and 60. 
Therefore, claims 62-64 are rejected as being unpatentable over Dustan in view of 
MacDoran and Fraker for the same reasons set forth in the rejections of claims 53-55 
and 60. 

34. As per claims 73-75, they are claims corresponding to claims 53-55 and 70, and 
they do not teach or define above the information claimed in claims 53-55 and 70. 
Therefore, claims 73-75 are rejected as being unpatentable over Dustan in view of 
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MacDoran and Fraker for the same reasons set forth in the rejections of claims 53-55 
and 70. 

35. Claim 67 is rejected under 35 U.S.C. 103(a) as being unpatentable over Dustan 
and MacDoran, and further in view of Hunter, JAVA Servlet Progamming, Chapter 7: 
Session Tracking (hereinafter Hunter). 

36. As per claim 67, the rejection of claim 66 under 35 U.S.C. 103(a) is incorporated 
herein, (supra) Dustan does not expressly teach deleting the user ID from the memory 
when the web-browser application is closed. However, this action is a notoriously well- 
known default function of a web browser. This step prevents information in a cookie 
stored in a user's browser from persisting after the web-browser application is closed. 
This ensures that information only relevant for the duration of a given operation of a 
browser should persist during this time period. For example, Hunter discloses the JAVA 
function call that removes a cookie once the browser exits (pg. 204, "public void 
Cookie.setMaxAge(int expiry)," "A negative value indicates the default, that the cookie 
should expire when the browser exits."). Therefore, it would be obvious to one of 
ordinary skill in the art at the time the invention was made to delete the user ID from the 
memory when the web-browser application is closed. One would be motivated to do so 
due to inertia-it's the default setting. The aforementioned cover the limitations of claim 
67. 
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Conclusion 

37. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

38. Hunter, Jason; Java Servlet Programming , Chapter 7: Session Tracking, 
discloses coding examples and class functions to track a users session using Netscape 
cookies. Examples include identifying new vs. old sessions, creating new state 
variables, invalidating stale sessions, storing session Ids, and binding sessions to 
events. 

39. Koss USPN 6,731,612 discloses generating location values with mobile browsers 
communicating wireless with servers and sending http requests with the location 
coordinates of the mobile browsers to customize the content in accordance with the 
location of the browser. 

40. Denning, Dorothy "Location-Based Authentication: Grounding Cyberspace for 
Better Security" discloses an overview of using location signatures to authenticate a 
user to a server. 

Communications Inquiry 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is 571-272-3804. 
The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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